eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Revert "helm: add a default for RPSS_ENABLED"

Browse source
This commit is contained in:
Simon L. 2024-11-26 11:08:55 +01:00 committed by GitHub
parent e74436c3c1
commit b1353d309e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 30 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
View file

@ -31,7 +31,7 @@ spec:
runAsUser: 33
runAsGroup: 33
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -74,7 +74,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

6
nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
View file

@ -32,7 +32,7 @@ spec:
runAsUser: 100
runAsGroup: 100
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -50,7 +50,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
@ -73,7 +73,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

6
nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
View file

@ -31,7 +31,7 @@ spec:
runAsUser: 999
runAsGroup: 999
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -49,7 +49,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
@ -76,7 +76,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
View file

@ -30,7 +30,7 @@ spec:
runAsUser: 65534
runAsGroup: 65534
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -49,7 +49,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

8
nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
View file

@ -23,7 +23,7 @@ spec:
labels:
io.kompose.service: nextcloud-aio-nextcloud
spec:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
{{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
securityContext:
# The items below only work in pod context
fsGroup: 33
@ -32,7 +32,7 @@ spec:
runAsUser: 33
runAsGroup: 33
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -179,12 +179,12 @@ spec:
- name: WHITEBOARD_SECRET
value: "{{ .Values.WHITEBOARD_SECRET }}"
image: nextcloud/aio-nextcloud:20241125_091756
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
{{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
View file

@ -31,7 +31,7 @@ spec:
runAsUser: 33
runAsGroup: 33
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -64,7 +64,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
View file

@ -31,7 +31,7 @@ spec:
runAsUser: 999
runAsGroup: 999
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -50,7 +50,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
View file

@ -30,7 +30,7 @@ spec:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -67,7 +67,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
View file

@ -32,7 +32,7 @@ spec:
runAsUser: 122
runAsGroup: 122
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -55,7 +55,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]

4
nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
View file

@ -30,7 +30,7 @@ spec:
runAsUser: 65534
runAsGroup: 65534
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -57,7 +57,7 @@ spec:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]